Keep passwords and other sensitive information out of your inboxes and chat logs

@the_osps (Post Author)

Project Description

Stop Sharing Secrets in Plain Text: Try One-Time Secret

We've all been there. You need to share a database password, an API key, or a temporary login with a teammate. The quickest path is often a Slack message or an email. You know it's a bad practice, but the convenience is hard to beat. The problem is that those secrets now live forever in logs, chat histories, and inboxes, creating a permanent security risk.

What if you could share that secret in a way that truly disappears after it's used? That's the exact problem One-Time Secret solves. It's a simple, self-hosted tool for sharing sensitive information with a built-in self-destruct mechanism.

What It Does

One-Time Secret is a web application that lets you share a piece of sensitive text (like a password or token) via a unique link. The core promise is right in the name: the secret can only be viewed one time. Once that link is accessed, the secret is permanently destroyed from the server. You can also set a passphrase for an extra layer of encryption, so even the server never sees the plaintext secret.

Why It's Cool

The beauty of this project is in its focused simplicity and transparency. It doesn't try to be a full-blown secret management platform like HashiCorp Vault. Instead, it nails one specific, common workflow perfectly.

  • Truly Ephemeral: The one-time-view guarantee is the killer feature. It enforces good hygiene by making secret sprawl impossible.
  • Self-Hosted: You run it on your own infrastructure. This means your company's secrets never touch a third-party server, giving you full control over data and compliance.
  • Passphrase Protection: When you create a secret with a passphrase, it's encrypted with that phrase before it ever hits the database. The server only stores the ciphertext. The recipient must know the passphrase (shared via a separate channel) to decrypt it. This provides end-to-end style security.
  • It's a Ruby App: For developers, it's a clean, open-source Ruby (Sinatra) application. You can audit the code, contribute to it, or modify it to fit your needs. It's a great example of a focused, single-purpose tool done well.
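
To make the one-time-view and passphrase ideas above concrete, here is a small Ruby sketch added for illustration. It is not One-Time Secret's own code: the class name, the PBKDF2 and AES-256-GCM choices, and the rule that any reveal attempt (right or wrong passphrase) destroys the record are all assumptions of this example.

```ruby
require "openssl"
require "securerandom"

# Added illustration, not One-Time Secret's code: an in-memory store that
# keeps only ciphertext and destroys each record on its first retrieval.
class BurnAfterReadStore
  ITERATIONS = 200_000 # assumed PBKDF2 work factor for this sketch

  def initialize
    @records = {}
    @lock = Mutex.new
  end

  # Encrypts plaintext under a passphrase-derived key; returns the link token.
  def create(plaintext, passphrase)
    salt = SecureRandom.random_bytes(16)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = derive_key(passphrase, salt)
    iv = cipher.random_iv
    ciphertext = cipher.update(plaintext) + cipher.final
    token = SecureRandom.urlsafe_base64(24)
    record = { salt: salt, iv: iv, tag: cipher.auth_tag, ct: ciphertext }
    @lock.synchronize { @records[token] = record }
    token
  end

  # Returns the plaintext once. The record is deleted before decryption, so a
  # second visit or a wrong passphrase leaves nothing to retry against.
  def reveal(token, passphrase)
    record = @lock.synchronize { @records.delete(token) }
    return nil unless record
    decipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    decipher.key = derive_key(passphrase, record[:salt])
    decipher.iv = record[:iv]
    decipher.auth_tag = record[:tag]
    (decipher.update(record[:ct]) + decipher.final).force_encoding("UTF-8")
  rescue OpenSSL::Cipher::CipherError
    nil # GCM tag check failed: wrong passphrase or tampered ciphertext
  end

  def stored?(token)
    @lock.synchronize { @records.key?(token) }
  end

  private
  def derive_key(passphrase, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end
end
```

Deleting inside the lock before decrypting is what makes the read atomic: two requests racing for the same link cannot both get the record.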

How to Try It

The easiest way to see it in action is to use the public instance run by the maintainers at https://onetimesecret.com/. Just paste a secret, click the button, and share the link. It's the fastest way to understand the flow.

For real use, especially within a team or company, you'll want to self-host it. The GitHub repo has clear instructions. Since it's a Ruby app, you can get it running with:

git clone https://github.com/onetimesecret/onetimesecret
cd onetimesecret
bundle install
# Configure your settings and database
bundle exec foreman start

The repository README details all the configuration options and deployment strategies, including using Docker.

Final Thoughts

One-Time Secret won't replace your need for a proper secrets manager for application configuration. But for those daily operational tasks—onboarding a new dev, sharing access with an external contractor, or sending a forgotten password to a teammate—it's a fantastic tool. It formalizes a secure process for a habit we all know is risky. Adding it to your internal toolkit is a small step that can significantly reduce accidental secret leakage.

It's a classic example of a simple, open-source project solving a real, persistent problem. Next time you're about to paste a password into chat, give it a try instead.

Project ID: 1996083756726468996
Last updated: December 3, 2025 at 05:07 AM